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REMARKS 

Reconsideration of the rejection of claims 1-10 under 35 USC §103 (a) in view of U.S. 
Patent Nos. 6,393,468 (McGee) and 6,799,155 (Lindemann) is respectfully traversed for at least 
the following reasons: 

Neither the McGee patent nor the Lindemann patent is directed to a prompt table for 
assigning input values to numeric keys in a PINpad, as claimed. Instead, McGee 
concerns access to webpages using tokens, while Lindemann is directed to software 
emulation of SIM cards in a telecommunications network; 

Since neither McGee nor Lindemann is directed to a prompt table for a PINpad, neither 
suggests a dynamic prompt table that can be downloaded to a PINpad in order to update 
key assignments, as claimed; and 

Since neither McGee nor Lindemann suggests downloading of prompt tables to a PINpad 
(or any other type of device having keys), neither McGee nor Lindemann could possibly 
have suggested authentication of prompt tables downloaded to a PINpad, or the claimed 
arrangement for doing so. 

The claimed invention concerns "prompt tables" which are used to assign values or 
meanings to the numeric keys of a PINpad. Normally, the numeric keys of a PINpad have fixed 
values, namely the digits 0 to 9. The prompt table re-assigns the key values so that alphanumeric 
or other information can be added in response to messages displayed on the display screen of the 
PINpad. For example, the message might read, "press license number," and the prompt table 
might assign key values that enable entry of letters as well as numbers. If the prompt tables are 
pre-loaded into the PINpad and the PINpad is not programmable, then the use of prompt tables 
does not present a problem. However, when means are provided to enable updating or changing 
the prompt tables, i.e. , the prompts and corresponding key assignments, then there is a possibility 
that a malicious programmer could design prompts and key assignments that elicit private 
information from users in order to misuse the information. The invention provides a method and 
system for preventing download of malicious prompt tables. 
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Claim 1 originally recited: 

1 . A system for securing input of non-PIN data using a numeric keypad of 
a PINpad terminal, comprising: 

a dynamic prompt table file arranged to permit numeric keys on the 
keypad to be used for entry of non-PIN data if and only if an appropriate prompt 
has been, and continues to be, displayed at the time of data entry; and 

a file authentication arrangement for authenticating said dynamic prompt 
table file upon loading of the dynamic prompt table file in the terminal. 

While the Applicant believes that this language clearly distinguished systems such as the ones 

disclosed in McGee and Lindemann that have nothing to do with PINpad terminals, and dynamic 

prompt table files, claim 1 has been amended as follows in order to even more clearly set forth 

the features of the invention, namely that the invention in fact concerns prompt table files for 

assigning keys in PINpad terminals, and not access to webpages as in McGee or SIM emulation 

as in Lindemann: 

1 . (Currently Amended) A system for securing input of non-PIN data using a 
numeric keypad of a PINpad terminal, said PINpad terminal comprising: 

a numeric keypad including a plurality of numeric keys through which 
data is input, processing of said data being initiated by at least one prompt table 
file in response to display of prompts listed in the prompt table: 

a memory for storing said at least one prompt table file: 

a display for displaying said prompts: 

tr wherein said dynamic prompt table file is arranged to permit numeric 
keys on the keypad to be used for entry of non-PIN data if and only if an 
appropriate prompt has been, and continues to be, displayed at the time of data 
entry; and 

said system further comprises a file authentication arrangement for 
authenticating said dynamic prompt table file upon loading of the dynamic 
prompt table file in the terminal. 

These changes do not affect the scope of the claims, but rather simply spell-out features of the 

originally claimed PINpad. Corresponding changes have been made to claim 6. 

The Examiner will note that one of the limitations involves limiting key assignments by 
the prompt table to situations in which an appropriate prompt is displayed at the time of data 
entry. This is a unique feature of prompt tables, explained in the introductory portion of the 
present application, which associates key assignments to specific displays. In the rejection, the 
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Examiner apparently considers an ordinary database that associates URLs and tokens to be 
analogous to a prompt table. However, the ordinary database does not limit key assignments to 
display of prompts. 

Nothing in the McGee patent or the Lindemann patent is even remotely suggestive of 
application to PINpads, nor could the systems described therein be used to secure prompt table 
downloads to a PINpad terminal. 

According to the system and method of McGee, when a user requests information over 
the Internet from a webserver, the server sends a "token" to the user and assigns a URL to the 
token, so that when the user subsequently sends the token to the server, the server can retrieve 
the webpage associated with the URL and thereby provide the requested information without 
revealing the actual URL to the user. The token is, as explained in col. 4, lines 24, "a series of 
digits or other characters" which have "a form from which no information about the reference 
or the respective information item can be derived" McGee's assigning of URLs to tokens 
basically has nothing to do with the claimed invention . 

According to the invention, prompt tables are used to assign values to keys of a numeric 
keypad. McGee' s system does not involve a numeric keypad, assigning values to keys of a 
keypad, or any sort of downloadable "table." Whereas the claimed invention is concerned with 
protecting users of the keypad from malicious prompt tables that might be downloaded to the 
keypad, McGee is concerned with hiding URLs from users who access the server over a remote 
network. The users cannot download files to the server, and McGee is not concerned with the 
possibility of malicious downloads. Furthermore, McGee does not even attempt to authenticate 
clients. Instead of attempting to authenticate clients, McGee hides information from them. There 
is no need for the type of authentication claimed , and certainly no suggestion of applying such 
authentication to updating of prompt tables in a PINpad. A PINpad is not analogous to a 
webserver, and a database of tokens and URLs is not analogous to a key-assignment 



7 



Serial Number 09/893,478 



prompt table. Therefore, the McGee patent essentially has nothing to do with the claimed 
invention, and certainly does not teach the claimed invention. 

The Lindemann patent has even less to do with the claimed invention. Lindemann 
concerns replacing SIMs, the chips inserted into cellular telephones, with software that can be 
implemented on an environmentally hardened processor. While the SIM emulation software 
authenticates itself to a communications network, just as ordinary SIM chips do, the 
authentication does not involve signing of files to be downloaded to a terminal (or anywhere 
else), and otherwise having nothing to do with the claimed invention. Signing on to a 
communications network using emulation software on an environmentally hardened 
processor (rather than a SIM), as taught by Lindemann, is not analogous to an 
authentication arrangement for prompt tables to be downloaded to a PINpad terminal. The 
communications protocol of Lindemann does not involve downloading of a files to a terminal, 
and in fact does not involve any sort of file authentication. Instead, it involves verification that 
a transmission has originated from a subscriber. This is not suggestive of the claimed 
authentication, and of course has absolutely nothing to do with the URL assignment scheme of 
McGee. Nothing in McGee nor Lindemann could possibly have caused the ordinary artisan to 
apply Lindemann' s SIM emulation teachings to a webserver of the type disclosed by McGee, and 
even if such a combination were somehow possible, the result would not have been the claimed 
invention . 

Since neither the McGee patent nor the Lindemann patent even remotely suggests any 
features of the claimed invention, it is respectfully submitted that the rejection of claims 1-10 
under 35 USC § 1 03(a) is improper and withdrawal of the rejection is believed to be appropriate. 

Having thus overcome the sole rejection made in the Official Action, withdrawal of the 
rejections and expedited passage of the application to issue is requested. 
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